Source-Link: googleapis/synthtool@7751597
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:a1e45c1b53fceb5fa7fd5c49cf898048c210eb07001a3355548e7a4545200ee8

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

* feat: Enable full object checksum validation on JSON path

Adds validation for client-provided (pre-calculated) and
client-calculated CRC32C and MD5 hashes when the final upload request is
made via the JSON API path (status 200).

This ensures consistency checks are performed even when the `Upload`
stream is finalized, preventing silent data corruption if the
server-reported hash (in the response body) mismatches the client's
expected hash.

* fix: duplicate codes removed

* added unit test cases

* fix: Resolve checksum validation failures and add full test suite

Adds the 'Validation of Client Checksums Against Server Response' test
suite. Fixes test failures in client-provided hash scenarios by updating
mock responses to ensure server-reported checksums match the client's
expected values.

* code refactor

* refactor: Combine and parameterize checksum validation tests

Refactors four duplicate test cases (CRC32C/MD5 success and failure)
into a single, parameterized test block within the 'Validation of Client
Checksums Against Server Response' suite.

This improves test clarity and reduces code duplication by dynamically
generating test scenarios for post-upload hash validation.

* addressing comments

* bug fix

* added system test

* fix system test

* bug fix

* fix: Address stream consumption, checksum, and multi-part session hangs

This commit introduces several stability fixes for the ResumableUpload
class:

1.  **Fixes Timeouts in Unit Tests:** Updates `makeRequestStream` mocks
to fully drain the request body stream, resolving stream consumption
deadlocks and timeouts in `#startUploading` unit tests.
2.  **Fixes Multi-Part Hang:** Correctly finalizes the `pipeline` for
partial chunks (`isPartialUpload=true`) by calling `pipelineCallback()`
immediately after successful chunk upload, preventing indefinite hangs
in multi-session tests.
3.  **Fixes Single-Chunk Checksum Missing Header:** Applies the
`X-Goog-Hash` header unconditionally in single-chunk mode if a validator
is present, ensuring checksum validation is active even when
`contentLength` is unknown.

* code refactor

* code refactor

* refactor: streamline checksum and resumable upload logic

Simplify `HashStreamValidator._flush` by utilizing `md5Digest` getter.

Source-Link: googleapis/synthtool@36ebc33
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:1c50961ec998cd24968d5b2628e8d88a36b612ea881e71bfd171c93cc9d08b9e

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Skips tests that attempt to assign public or authenticated user roles
to IAM policies. These tests are currently failing with 403 errors due
to environment permission restrictions.

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>